Vulnerability Development mailing list archives
RE: Covert Channels
From: Omar Herrera <oherrera () prodigy net mx>
Date: Wed, 23 Oct 2002 16:20:10 -0600
I do not think that the concept of covert channel has to be related with Trusted Systems, there are a lot of examples where there is a covert channel and no trusted system in place (I think this is true for most of the cases since trusted system usage and deployment is not "extensive"). A few definitions of covert channel I found: "covert channel: 1. A transmission channel that may be used to transfer data in a manner that violates security policy. [2382-pt.8] 2. [An] unintended and/or unauthorized communications path that can be used to transfer information in a manner that violates an information system (IS) security policy. [INFOSEC-99]" (http://www.atis.org/tg2k/_covert_channel.html) "Covert Channel - A communication channel that allows a process to transfer information in a manner that violates the system's security policy. See also: Covert Storage Channel, Covert Timing Channel." (http://www.kernel.org/pub/linux/libs/security/Orange-Linux/refs/Orange/ Orange0-5.html) "A covert channel means a communication channel that allows an information flow contrary to the security requirements. There is a distinction between time and storage channels. A time channel is a communication path utilizing the time behavior of the system for the system for the transmission of information. A storage channel utilizes the (finite) resources of a computer." (http://www.informatik.uni-bremen.de/gdpa/methods/m-acc.htm) So in essence a covert channel is an unintended and/or unauthorized communication path to transfer information as I see it, whether there is a trusted system in place or not. The concept of security policy appears in some of the definitions and I think it is important to formalize the existence of authorized and unauthorized communications. Omar Herrera -----Original Message----- From: Richard Masoner [mailto:richardmasoner () yahoo com] Sent: MiƩrcoles, 23 de Octubre de 2002 01:57 p.m. To: Michal Zalewski; Frank Knobbe Cc: vuln-dev () securityfocus com; pen-test () securityfocus com Subject: RE: Covert Channels I've only been following this thread peripherally, but isn't covert channel discussion limited to analyzing the assurance of Trusted Systems? Perhaps my view is limited since Trusted System development is something I've done, but it seems to me that this thread has been on steganography instead of covert channels of communication. On a trusted system, for example, a user isn't going to modify the IP header to steganographically send secret information, because he can't. In the Trusted Systems world, covert channel analysis and detection is something that is done, and in that community it's considered science, not snake oil. Part of covert channel detection, for example, might be flagging a user who copies text from an X window and pastes that text into an X window that's at a lower privilege level. Richard Masoner __________________________________________________ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/
Current thread:
- RE: Covert Channels, (continued)
- RE: Covert Channels Omar Herrera (Oct 23)
- Re: Covert Channels Mark Grimes (Oct 17)
- RE: Covert Channels Michael Wojcik (Oct 17)
- RE: Covert Channels Jeremy Junginger (Oct 17)
- Re: Covert Channels FX (Oct 17)
- RE: Covert Channels Jeremy Junginger (Oct 18)
- RE: Covert Channels Chris Anley (Oct 22)
- RE: Covert Channels Frank Knobbe (Oct 23)
- RE: Covert Channels Michal Zalewski (Oct 23)
- RE: Covert Channels Richard Masoner (Oct 23)
- RE: Covert Channels Omar Herrera (Oct 23)
- Re: Covert Channels Timothy J. Miller (Oct 23)
- Re: Covert Channels David Wagner (Oct 24)
- RE: Covert Channels Michal Zalewski (Oct 23)
- RE: Covert Channels Brooke, O'neil (EXP) (Oct 23)
- RE: Covert Channels Anton Aylward (Oct 23)
- RE: Covert Channels Michal Zalewski (Oct 23)
- Re: Covert Channels Jose Nazario (Oct 24)
- Re: Covert Channels David Wagner (Oct 24)